With ransomware attacks on the rise, now is the time to make sure your practice's email system is protected.
The holiday season is prime time for cybercriminals. IT teams are short-staffed, and businesses may be running on a minimally operational team because many employees take time off. Since email is one of the main threat vectors for cybercrime, now is a great time to reevaluate your email security going into 2022.
Ransomware is on the rise
The threat of ransomware continues to increase as threat actors evolve their tactics. It is the most prominent malware threat, and malicious emails are up 600% since the COVID-19 pandemic began.
The current average ransom fee is $200,000, up from just $5,000 in 2018. The largest reason for the increase in attacks is that more companies are choosing to pay the ransom to get their data back. Cryptocurrency exchanges also allow for more anonymity in criminal transactions.
A history of holiday breaches
The July 4th weekend saw a huge surge of network disruption when Kaseya software fell victim to a ransomware attack. It caused hundreds of businesses to close and is considered the largest ransomware attack on record. The attack reportedly started on Friday afternoon as many employees logged off and headed into the holiday weekend.
Healthcare is a hacker’s favorite target
While cybercriminals attack all types of businesses during the holidays, they especially like to exploit the healthcare industry. Covered entities are a juicy target for cybercrime because of the high value of protected health information (PHI) on the black market, and providers are more likely to pay a ransom to get their data back since lives may hang in the balance.
Healthcare organizations also have large, vulnerable attack surfaces, often with lax cybersecurity controls, and employees are often stressed and overworked.
It’s only gotten worse during the pandemic. The number of hacking incidents reported in healthcare climbed for the fifth straight year, jumping 42% in 2020 alone.
CISA weighs in
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently released best practices for ransomware awareness during holidays. Some of their recommendations include:
Email phishing no doubt made CISA’s list since it has become the leading entry point for ransomware attacks. But teaching employees to spot malicious emails isn’t enough to protect your team’s inboxes. Rather than stress about unavoidable human error, healthcare providers should utilize strong cybersecurity measures from the outset that take the onus off individuals to protect their data.
Healthcare providers should implement robust inbound email security in addition to sending outbound HIPAA-compliant email. The best solutions will block malicious messages containing ransomware and other threats from reaching the inbox in the first place.
For more on this topic, read our other article in Physician’s Practice: Cybersecurity best practices for email communications.